General
-
Target
2326e2d5bbbf963b748de2f4c34d59ab6e3ef1f6e9329eb7fd299d907357d9c7
-
Size
486KB
-
Sample
240618-1cewnaxanc
-
MD5
5ef364db9f707f08dafc61a5e04a36aa
-
SHA1
1dc521c1ced29b01d5313a85b32a0b8af1ecff6d
-
SHA256
2326e2d5bbbf963b748de2f4c34d59ab6e3ef1f6e9329eb7fd299d907357d9c7
-
SHA512
fdc4af9fe60b5634cc68d8bcdb4f12ad011e1948f0a0755c29c8913d174dd985dca179824b9ac10b17413b079f279bb44e1ebd0f160020047d99ad9fabc6fd58
-
SSDEEP
6144:7L6R7yGpls3Rf1kKMLV3P30NFGQG7eICCjdjPM7Rmvz/4lAOeCX8XlR3:78yy2hf6KMJP3CxIO1E/kX6lR
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
2326e2d5bbbf963b748de2f4c34d59ab6e3ef1f6e9329eb7fd299d907357d9c7
-
Size
486KB
-
MD5
5ef364db9f707f08dafc61a5e04a36aa
-
SHA1
1dc521c1ced29b01d5313a85b32a0b8af1ecff6d
-
SHA256
2326e2d5bbbf963b748de2f4c34d59ab6e3ef1f6e9329eb7fd299d907357d9c7
-
SHA512
fdc4af9fe60b5634cc68d8bcdb4f12ad011e1948f0a0755c29c8913d174dd985dca179824b9ac10b17413b079f279bb44e1ebd0f160020047d99ad9fabc6fd58
-
SSDEEP
6144:7L6R7yGpls3Rf1kKMLV3P30NFGQG7eICCjdjPM7Rmvz/4lAOeCX8XlR3:78yy2hf6KMJP3CxIO1E/kX6lR
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-